(54) Methods and system for providing data and telephony security 

(57) A method and system for providing security for 
a computing device (12, 14 or 16) include resolving con- 
flicts between a password-protected screen saver (56) 
and communication notification capabilities (54) by 
selectively enabling access to specific communications 
when the computing device is in a locked mode. The 
screen saver of the computing device is configured (60) 
to switch (66) the device from a normal operative mode 
to a locked mode in response to detection of a preset 
condition, such as the expiration of an idle-time timer. 
The computing device then remains in the locked mode 
until a preset authorization condition is recognized (72), 
e.g., entering a password. However, with the computing 
device in the locked mode, a subset of communication 
access capabilities is enabled (84). Specifically, notifica- 
tion of incoming communications is enabled (78). Pref- 
erably, connectivity for select types of outgoing calls is 
also enabled, e.g., connectivity for emergency calls. In 
the preferred embodiment, the conflicts are resolved by 
integrating the screen saver with communication access 
capabilities in a single software package. Also in the 
preferred embodiment the communication access 
capabilities are provided by a telephony-over-LAN 
application and a switch to the locked mode is disabled 
during communication sessions involving the computing 
device. In other embodiments, while in a locked mode, 
incoming calls may be preconfigured by the user to 
selectively break through security features based on 
caller identification information. 






EP 0 990 968 A1 



Description 

CROSS REFERENCE TO RELATED APPLICATIONS 

[0001] This application is a continuation-in-part of 
application Serial No. 09/066,505, filed April 23, 1998 
and entitled "METHOD AND SYSTEM FOR PROVID- 
ING DATA AND TELEPHONY SECURITY" (Attorney 
Docket: 98 P 7504 US). 



BACKGROUND OF THE INVENTION 

[0002] The invention relates generally to methods and 
systems for limiting access to capabilities of a computer 
and more particularly to methods and systems for pro- 
tecting data and communications capabilities of a com- 
puter that is connected to a network that handles 
message exchanges. 

DESCRIPTION OF THE RELATED ART 

[0003] There are a number of mechanisms available 
for providing security within a network of computers, 
such as a local area network (LAN) or wide area net- 
work (WAN). A firewall is an electronic barrier that pro- 
vides network security by determining how outside 
users and servers access resources of the network via 
dial-up lines or another network. For example, a pass- 
word may be necessary to gain access to network 
resources. With added sophistication, a dial-back tool 
may be utilized as a component of a firewall. When a 
dial-in user is identified, the network terminates the con- 
nection and dials-back the user at a predetermined 
number, ensuring that a remote computer is indeed the 
authorized computer for accessing the network. 
[0004] Still at the network level, user security mecha- 
nisms determine how, when, and where network users 
can gain access to the network resources. Within an 
enterprise, there are often restrictions regarding which 
persons can access various types of information and 
various network resources. For example, information 
relating to a particular project may be restricted to man- 
agement and persons assigned to the project. Access 
to sensitive data may be restricted by user authentication 
(e.g., a password or a biometric technique such as 
a voiceprint authentication) or by device authentication 
in which only designated computers may gain access, 
so that the system need only distinguish the computers. 
[0005] There are also security concerns at the individ- 
ual computer level. Confidential information may be 
apparent on the monitor screen of an unattended com- 
puter or may be readily accessible by unauthorized indi- 
viduals using another person's computer. A departing 
employee may gain access to marketing information 
and developing designs and concepts by using the com- 
puter of another employee to access the internally 
stored data of the computer or to access network data 
having computer-specific restriction requirements. 



[0006] A security mechanism that is available at the 
computer level is a time-based screen saver that is 
password protected. If a computer remains idle for a 
selectable period of time, the resources of the computer 
are locked and the potentially sensitive information on 
the screen is deleted. In a screen saver mode, the 
screen may be blanked or may have a sequencing 
image that does not include sensitive material. Many 
corporations require the use of a password-protected 
screen saver to provide security. 

[0007] In the corporate environment, there is also a 
trend to incorporate telephony within the data network. 
For example, telephony over LAN (TOL) applications 
allow the handling of telephone calls via a computer. A 
TOL application handles both video and audio information. 
When an incoming call is detected, a notification is 
presented on the computer screen of the target compu- 
ter. The notification is run in a minimized mode, or in the 
system tray of some operating systems. 
[0008] A concern is that the use of a TOL application 
is inconsistent with screen saver applications. As noted 
above, if a computer remains idle for a selected period 
of time, the resources of the computer may be automatically 
locked to ensure data security. However, this 
locked mode disables the TOL application. Consequently, 
a person may not receive notification of an 
incoming call. Optionally, the TOL application may be 
dominant, so that an incoming call will override the 
screen saver. In this case, the security provided by the 
screen saver application is compromised. A person 
intent on accessing data of an unoccupied computer 
can unlock the resources of the computer merely by 
calling the computer from a second computer in the 
same area. As another alternative, the screen saver 
application may be dominant, so that the input of a 
password is required in order to access an incoming 
call. While this alternative ensures that an unattended 
computer is not unlocked by an incoming call, it requires 
that a user quickly enter the password into a computer 
that is the target of a business call and that is in the 
locked mode, or the business call will be missed. 
[0009] Another concern with the use of a TOL application 
with a password-protected screen saver application 
is that there are added risks in emergency conditions. In 
an emergency, a password must be entered into a computer 
before a reporting call can be made (e.g., call 
"911"). At best, this will slow down the process of reporting 
the situation. At worst, the password requirement 
will prevent the reporting call from being completed, 
since the person aware of the situation may not be near 
a computer for which he or she is aware of the appropriate 
password. 

[0010] What is needed are methods and systems that 
accommodate the combination of an access-restricted 
application and a communications-enabling application 
within a single computing device. 

SUMMARY OF THE INVENTION 

[0011] A method and system of maintaining security 
for a computing device connected to a network include 
resolving conflicts between communication access 
capability and a screen saver by selectively enabling 
access to communications when the computing device 
is in a locked mode. In the preferred embodiment, the 
communications are incoming telephone calls, but the 
method and system may be used in other messaging 
applications, e.g., email applications. Also in the preferred 
embodiment, the conflicts are resolved by integrating 
the screen saver and the communication access 
capabilities in a single software package. In a less preferred 
embodiment, the conflicts are resolved by utilizing 
an arbitrating application to allow selective "break 
through" of a conventional screen saver application. 
[0012] In a first step, the computing device is configured 
to switch the device from a normal operative mode 
to a locked mode in response to detection of a preset 
condition, such as the expiration of an idle-time timer. 
Thus, if the computer remains idle for a preselected 
period of time, a computing device is switched to a 
locked mode that establishes a security condition with 
respect to data access capabilities and communication 
access capabilities. The computing device remains in 
the locked mode until a preset authorization condition is 
recognized. This preset authorization condition may be 
the entering of a password, but other authentication procedures 
may be required, e.g., a voiceprint recognition. 
[0013] In the preferred embodiment, telephone activity 
prevents the preset condition from being established. 
Thus, the idle-time timer cannot expire while the user is 
engaged in a telephone call. 

[0014] The method and system also include enabling 
notification at the computing device when an incoming 
communication is directed to the device. In a telephony 
over LAN (TOL) situation, the TOL application may be 
allowed to open in a minimized state upon detection of 
an incoming telephone call. However, only a subset of 
the communication access capabilities are unlocked, 
while data access capabilities and a second subset of 
communication access capabilities remain in the locked 
mode. For example, maximizing the state of the screen 
notification may not be permitted and the user may be 
unable to open any other windows. Thus, the call can be 
answered, but the computing device is locked in the 
TOL window. 

[0015] If the user has not entered the preset authorization 
condition (e.g., input the correct password), the 
computing device returns to an apparently locked mode 
upon completion of the incoming call. That is, the 
incoming call does not compromise either the data 
access security or the communication access security 
of the screen saver, other than for handling incoming 
communications. 

[0016] In the preferred embodiment, the subset of 
communication access capabilities that is enabled 
when the computing device is in the locked mode 
includes the ability to initiate specified types of outgoing 
calls. Preferably, emergency numbers may be recognized. 
For example, a "911" call may be initiated without 
entering a password. The screen saver application preferably 
remains in the locked mode during the emergency 
call. In addition to a "911" call, internal 
emergency numbers may be recognized when entered 
in a screen saver input line. Optionally, other internal 
numbers may be recognized, while maintaining the 
security of the communication access capabilities with 
respect to initiating calls that are external to a particular 
TOL environment. 

[0017] The computing device includes the screen 
saver capability and the communications capability. As 
previously noted, the two capabilities are preferably 
integrated into a single program, but may be separate 
programs that are controlled in common. The screen 
saver capability switches the computing device to a 
locked mode that establishes the security conditions for 
disabling data access and restricting communication 
access. The computing device includes a mechanism 
for recognizing a predefined authorization sequence 
that unlocks the device from the security condition. 
However, when the computing device is in the security 
condition, a limited number of communication access 
capabilities are enabled. The enabled communication 
access capabilities include the ability to handle incom- 
ing communications and, optionally, the ability to initiate 
certain types of outgoing communications, e.g., emer- 
gency calls. 

[0018] These and other embodiments of the present 
invention are described in further detail below with refer- 
ence to the below drawings. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0019] 

Fig. 1 is a schematic view of a network of comput- 
ing devices for handling incoming and outgoing 
communications in accordance with embodiments 
of the invention. 

Fig. 2 is a schematic view of components of the 
computing device of Fig. 1 according to embodi- 
ments of the invention. 

Fig. 3 is a process flow of steps for implementing a 
security system in accordance with a specific 
embodiment of the invention. 
Fig. 4 is a process flow of steps for implementing a 
security system in accordance with other specific 
embodiments of the invention. 

DETAILED DESCRIPTION 

[0020] With reference to Fig. 1, a topology of a network 
10 having security for protecting data and 
resources from unauthorized access is shown as having 
three computing devices 12, 14 and 16 that each 
include a computer 18, 20 and 22 and a telephone 24, 
26 and 28. The telephones are not critical to the invention, 
since a telephony over LAN (TOL) capability may 
be achieved by using the resources of the computers 
(e.g., sound cards and internal or external speakers). 
Preferably, the computing devices 12-16 are telephony 
clients that handle incoming and outgoing telephone 
calls via a telecommunications server 30. The telecommunications 
server 30 is shown as being connected to 
the public switched telephone network (PSTN) 34, 
allowing it to perform the gateway function of converting 
between circuit switched (PSTN) and packet switched 
(TOL) voice. The telecommunications server is also 
linked to a firewall 32 and the global communications 
network referred to as the Internet 36. As is well known 
in the art, a firewall provides an electronic barrier to limit 
access to network data and resources from outside the 
network. Thus, voice and video calls are connected to 
the network directly to the telecommunications server 
(with the server providing any desired security), while 
data calls might be connected back through the firewall 
via a modem to provide the desired data security. 
[0021] The computing devices 12, 14 and 16 are also 
connected to a message server 38. The message 
server may handle one or more types of messages that 
are stored for access by the computing devices. For 
example, the server 38 may store email messages or 
fax messages. While the method to be described below 
is preferably applied to selectively breaking through a 
screen saver capability as a result of detecting an 
incoming telephone call, the invention may be used in 
other messaging applications, such as email and facsimile 
message exchanges associated with the server 
38. 
[0022] Referring now to Figs. 1 and 2, relevant com- 
ponents of the computing device 12 are shown as 
including a network link 40 having an input 42 that is 
connected to the servers 30 and 38. The means for providing 
the network link is not critical to the invention. The 
input may be a cable connected to a wired port of the 
computer 18. Alternatively, wireless connections may 
be utilized, such as infrared transmission to a photore- 
ceptor on the computer. 

[0023] The computing device 12 includes at least one 
user input device 44. Typical user input devices include 
a computer keyboard and a computer mouse. In addition 
to the user input devices and the network link 40, 
other conventional components of the computing device 
12 include a central processing unit (CPU) 46, local 
memory 48, video random access memory (VRAM) 50 
and a computer monitor 52. As is well known in the art, 
the CPU 46 controls the operations of the computing 
device. The local memory 48 may include an internal 
hard disk drive and peripheral drives having fixed or 
replaceable storage media. Data from the CPU 46 is 
used to update VRAM 50 for display at the computer 
monitor 52, as is well known in the art. 



[0024] The computing device 12 includes TOL capa- 
bility 54 and screen saver capability 56. While Fig. 2 
shows the TOL and the screen saver as separate appli- 
cations, in the preferred embodiment the two capabili- 
ties are integrated into a single application. If the two 
capabilities are implemented in separate applications, 
an arbitrating application may be used to manage the 
two applications, thereby providing compatibility. In 
some embodiments, TOL capability 54 (or the inte- 
grated application of the TOL and the screen saver) will 
include caller identification or caller identification infor- 
mation recognition functionality 53 (shown in dotted line 
in Fig. 2). In other embodiments, caller identification 
functionality 53 and its below-described related security 
features may be integrated directly into the screen saver 
capability 56. Alternatively, caller identification function- 
ality 53 may be integrated into the operating system of 
computing device 12 so that caller identification infor- 
mation is detected without the TOL client intervention. 
[0025] A security module 58 is shown as being con- 
nected between the user input devices 44 and the 
screen saver 56. The security module is software based 
and is similar to conventional security modules for use 
with screen savers, but preferably includes the additional 
capability of monitoring activity of the TOL, preventing 
the screen saver security from being triggered 
during a telephone call. The security module may 
include a timing mechanism that monitors manipulation 
of the user input devices 44 to detect periods of inactiv- 
ity. The screen saver capability is configurable with 
respect to selecting a particular time period, so that the 
screen saver 56 switches the computing device 12 to a 
locked mode when the computing device is idle for a 
period exceeding the preselected period. That is, if 
there is no activity by any of the user input devices for a 
configurable period of time during which the user is not 
engaged in a call, the screen saver triggers a locked 
mode. In the preferred embodiment, the locked mode 
inhibits access to user data within the local memory 48, 
controls the display at the computer monitor 52, and 
restricts communication with the network via the net- 
work link 40. 

[0026] In operation, if the user of the computing device 
12 leaves the device unattended, the security module 
58 detects when the preconfigured time-out period has 
been exceeded. The screen saver switches the comput- 
ing device to the locked mode. The user data of the local 
memory 48 is secured by disabling access to the stored 
user data of the memory. Moreover, any sensitive mate- 
rial displayed on the monitor 58 is removed. The locked 
mode may cause the computer monitor to be blanked or 
may trigger display of an image sequence. For example, 
the corporate logo may be displayed as continuously 
moving across the monitor. 

[0027] While the security module 58 is shown as being 
connected only to the user input devices 44, typically 
the module is connected to other components of the 
computing device 12, so that switching between a normal 
operation mode and the locked mode is dependent 
upon a number of actions. For example, if there is an 
extended period of inactivity by the user input devices 
44, but the TOL 54 indicates that the user is engaged in 
a lengthy telephone call, the computing device will 
remain in the normal operation mode. Similarly, if it is 
determined that the CPU 46 is engaged in complex calculations 
with a spreadsheet program, so that the user 
input devices are inactive, the computing device 
remains in the normal operation mode. 
[0028] Alternatively, under certain conditions the 
screen saver 56 may trigger a switch to the locked mode 
prior to expiration of the time-out period, if the security 
module 58 has been preconfigured to provide the premature 
switch. As one example, a user may intentionally 
"park" a cursor in a preselected corner of the monitor 52 
in order to immediately switch from the normal operation 
mode to the locked mode. As another example, a 
sequence of keys on the keyboard may be depressed to 
automatically trigger the locked mode. Thus, a user is 
able to immediately secure the computing device 12 
when he or she leaves the area of the computing 
device. 

[0029] One concern with prior art computing devices 
that include both screen saver and TOL capabilities is 
that there are conflicts between the purposes of the two 
applications. If the screen saver 56 of Fig. 2 is operated 
without concern for the TOL capability 54, a user will be 
unable to receive incoming communications or direct 
outgoing communications when the computing device 
12 is in the locked mode. On the other hand, if the TOL 
capability is implemented without regard for the security 
provided by the screen saver capability, security of 
stored data and the telecommunications capabilities is 
compromised merely by directing a call to the TOL client. 
For example, user data at the local memory may be 
switched from being inaccessible to being accessible 
merely by directing a call to the TOL client 54. 
[0030] Another concern is that the screen saver 56 
may slow or even block the report of an emergency condition. 
Typically, the switch from the locked mode to the 
normal operation mode requires an authentication process. 
The screen saver may be password protected or 
may require a biometric authorization, such as a voiceprint 
authentication. If the authorized person is available, 
the authentication process must be followed before 
an emergency is reported. If the authorized person is 
unavailable, another means for reporting the emergency 
must be utilized. 

[0031] Fig. 3 is a process flow for a method of maintaining 
security of the computing device while resolving 
conflicts between the communication access capability 
and the screen saver. The conflicts are resolved by 
allowing selective "break through" of a conventional 
screen saver application. In step 60, the screen saver 
56 of Fig. 2 is configured to define a number of operational 
parameters. The parameters include setting the 
conditions under which the computing device 12 is 
switched from the normal operational mode to the 
locked mode. This may merely be an identification of a 
period of idle time before the switch is executed. The 
configuration of the operational parameters may also 
include defining the authorization condition, such as the 
input of a particular password or the selection of a particular 
biometric technique, e.g., voiceprint recognition. 
[0032] The configuration of operational parameters 
within the step 60 may also include defining particular 
types of calls that can be initiated when the screen 
saver is in the locked mode. Preferably, emergency 
numbers may be dialed. That is, the computing device 
12 may be configured to allow dialing of "911" and internal 
emergency numbers. For example, "Enter password 
or 911 for emergencies" or a separate "emergency button" 
could exist on the screen saver input window to 
automate the dialing of the emergency number. In this 
manner, someone walking near the computing device 
could use the TOL 54 to report an emergency, even if 
the person was unaware of the screen saver password. 
[0033] Optionally, the types of calls that are enabled 
when the computing device 12 is in the locked mode 
include internal calls. Thus, if the user of the computing 
device 12 attempts to contact the user of the computing 
device 16 of Fig. 1, connectivity could be established 
while maintaining the computing device in the locked 
mode. However, a call to a telephone beyond the firewall 
32 could not be completed until the prescribed authori- 
zation process is completed and the computing device 
is returned to its normal operation mode. 
[0034] In step 62, the computing device 12 is in the 
normal operation mode, but monitors the system to 
determine if the preset conditions are established for 
switching the computing device to the locked mode. In 
Fig. 2, the security module 58 monitors idle time to 
determine when the preconfigured idle-time period has 
been exceeded. If in the determination step 64 a preset 
condition is recognized, the computing device 12 is 
switched to the locked mode in step 66. As previously 
noted, this disables access to the local memory 48, 
removes potentially sensitive subject matter from the 
screen monitor 52, and restricts use of the TOL 54. 
[0035] In step 68, the system monitors for the author- 
ization condition that triggers a switch from the locked 
mode to the normal operation mode. If in the determina- 
tion step 70 the authorization condition is recognized, 
e.g., a password is entered, the switch to the normal 
operation mode is executed at step 72 and the process 
returns to the monitoring step 62. 
[0036] In step 74, a TOL access is recognized before 
the authorization condition is established. If in step 76 
the TOL access is determined to be an attempt to initi- 
ate an outgoing call, the determination step 78 ascer- 
tains whether the attempted outgoing call is of a call 
type that was designated as being accessible when the 
computing device 12 is in the locked mode. As previ- 
ously noted, the computing device is preferably config- 
ured to allow outgoing emergency calls to be completed 
when the computing device is in the locked mode. A 
determination at step 78 that the outgoing call is permis- 
sible results in the initiation of connectivity at step 80. 
With connectivity for the selected outgoing call initiated, 
the process returns to the step 68 of monitoring for the 
authorization condition that is necessary to return the 
computing device to the normal operation mode. On the 
other hand, a determination at step 78 that the outgoing 
call is not identified as a permissible outgoing call 
results in a denial of access at step 82 and a return to 
the monitoring step 68. 

[0037] Returning to step 76 of Fig. 3, a determination 
that the TOL access is an incoming call results in a call 
notification at step 84. For example, the recognition of 
the call may allow the TOL 54 to occupy the monitor 
screen 52 in a minimized state. Connectivity may be ini- 
tiated at step 80, but the window may be restricted to its 
minimized state. Moreover, the user is restricted from 
opening any other programs or windows. In this secure 
condition, the computing device 12 is locked in the TOL 
window and the security of the data and outgoing call 
capabilities of the computing device is not compro- 
mised. However, the process is returned to step 68 to 
allow an authorized user to return the computing device 
to the normal operation mode by entering the password 
or other authentication item. 

[0038] In accordance with other specific embodiments 
of the present invention, Fig. 4 illustrates a process flow 
of steps for implementing a security system with several 
configurable settings, as described below. This process 
flow is similar to that described for Fig. 3 but with some 
optional features that may occur between steps 76 and 
80 in place of step 84, as shown in Fig. 4. According to 
the present embodiments, the configuration of opera- 
tional parameters within the step 60 (Fig. 3) may also 
include defining particular types of calls that can be 
received when the screen saver is in the locked mode. 
In particular, the user of computing device 12 may 
select to configure the system for high, medium or low 
security. For high security, all incoming calls are allowed 
to break through the security features only with proper 
authorization, e.g., the correct password for the user of 
computing device 12. The high security configuration is 
especially useful for environments where all unauthor- 
ized incoming calls (e.g., unauthorized modem use to 
transfer sensitive files) to a computer need to be pre- 
vented. For medium security, only certain incoming calls 
from a predetermined list of callers based on caller 
identification information are allowed to break through 
the security feature without authorization, while all other 
calls require authorization. For the lowest security, all 
incoming calls are allowed to break through the security 
features without any proper authorization. Further, 
some specific embodiments can optionally provide for 
recognition and acceptance of second-level authoriza- 
tion, e.g., the correct password for other users (such as 
the user's assistant, or others in the same department) 
authorized to answer incoming calls but not to initiate 
outgoing non-emergency calls. 
[0039] After a determination that the TOL access (step 
74 of Fig. 3) is an incoming call (step 76), the present 
method determines in step 90 whether the system has 
been configured such that any incoming call requires 
authorization condition to be met before allowing the 
call (true for either the high or medium security level). If 
the system determines in step 90 that no call requires 
the authorization condition (i.e., the system was preconfigured 
for the lowest security option), then the system 
proceeds to initiate call notification in step 92 (which can 
optionally include identifying the incoming call by the 
caller identification information) and initiate connectivity 
in step 80 (then the system proceeds according to Fig. 
3). However, if the system detects in step 90 that it has 
been configured for either the high or medium security 
level, so that any call (i.e., either all or some incoming 
calls) requires authorization, then the system determines 
in step 94 whether all calls require authorization 
condition to be met (true for the high security level). 
[0040] If the system has been configured for the high 
security level, then the system proceeds from step 94 to 
initiate call notification in step 96 (similarly to step 92, 
call notification step 96 can optionally include identifying 
the incoming call by the caller identification information), 
and then to monitor for the authorization condition in 
step 98. If in step 100 the authorization condition is 
entered and recognized within a predetermined time 
interval, then the system initiates connectivity in step 
80. If the authorization condition is not entered or recognized 
within the predetermined time interval, then the 
system denies access to the incoming call in step 82 
(and the system continues according to Fig. 3). 
[0041] If the system has been configured for the 
medium security level, then the system proceeds from 
step 94 to compare in step 102 the incoming call's caller 
identification information with a list of predetermined 
caller identification information (previously configured 
by the authorized user of computing device 12). The 
preconfigured list of callers whose incoming calls have 
been authorized to break the security features allows for 
certain types of calls to break through the password protection 
(e.g., security department calls can contact people 
in an emergency, calls from the president of the 
company or one's boss or an important client could also 
be configured to break through the security). If the 
incoming caller identification information matches one 
on the list, then the system initiates call notification step 
92 so that connectivity is initiated in step 80. If the system 
determines in step 104 that there is not a match, 
then the system initiates a call notification in step 96 and 
monitors for the authorization condition in step 98. The 
system then proceeds as earlier described for steps 
100, 80 and 82 in Fig. 4. 
[0042] As discussed for Fig. 3, recognition of the
incoming call may allow the TOL 54 to occupy the
monitor screen 52 in a minimized state. Then connectivity
may be initiated at step 80, but the window is restricted
to its minimized state. Moreover, the user is still
restricted from opening any other programs or windows
on computing device 12. The user can optionally
preconfigure the authorization condition for allowing the
incoming call and the authorization condition for access
to computing device 12 to differ. Preferably, the
authorization condition for allowing the incoming call is
preconfigured to be shorter (or easily executed and recognized)
than the authorization condition for computing device
access, as incoming calls often need to be answered as
soon as possible.
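
The Fig. 4 decision flow for the medium and high security levels described in paragraphs [0040] to [0042], written out as an added Python example; it is not part of the patent text. The class and field names, the sample caller numbers and call code, and the 10-second interval are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass, field
from enum import Enum

class Level(Enum):
    MEDIUM = "medium"  # callers on the preconfigured list skip authorization
    HIGH = "high"      # every incoming call needs the authorization condition

class Outcome(Enum):
    CONNECT = "initiate connectivity (step 80)"
    DENY = "deny access (step 82)"

@dataclass
class LockedDevice:  # hypothetical model of computing device 12 in locked mode
    level: Level
    call_code: str                                # call authorization condition
    allowed_callers: set = field(default_factory=set)
    timeout_s: float = 10.0                       # assumed "predetermined time interval"
    data_locked: bool = True                      # no call outcome changes this

    def _authorized(self, entered, elapsed_s):
        # Steps 98/100: the code must be entered and recognized in time.
        if entered is None or elapsed_s > self.timeout_s:
            return False
        return hmac.compare_digest(entered.encode(), self.call_code.encode())

    def handle_incoming(self, caller_id, entered=None, elapsed_s=0.0):
        """Return (step numbers visited, Outcome) for one incoming call."""
        steps = [94]
        if self.level is Level.MEDIUM:
            steps += [102, 104]                   # compare caller ID with the list
            if caller_id in self.allowed_callers:
                return steps + [92, 80], Outcome.CONNECT
        steps += [96, 98, 100]                    # notify, then wait for the code
        if self._authorized(entered, elapsed_s):
            return steps + [80], Outcome.CONNECT
        return steps + [82], Outcome.DENY

if __name__ == "__main__":
    # Constructed sample data: one allowed caller, one unknown caller.
    dev = LockedDevice(Level.MEDIUM, "4711", {"5550100"})
    for args in [("5550100",), ("5550199", "4711", 3.0), ("5550199", "4711", 30.0)]:
        steps, outcome = dev.handle_incoming(*args)
        print(args, steps, outcome.value, "data locked:", dev.data_locked)
```

A listed caller reaches connectivity without the code only at the medium level; at the high level the same caller is denied unless the code arrives within the interval, and data_locked stays true in every branch.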

[0043] While the process flows of Figs. 3 and 4 have 
been described primarily with respect to telecommuni- 
cations according to specific embodiments of the 
present invention, this is not critical for other embodi- 
ments. The method may be used in connection with 
other communication environments. For example, email 
notification and screen saver capabilities can be inte- 
grated in the manner described with reference to Figs. 
2, 3 and 4.

Claims 

1. A method of maintaining security for a computing 
device (12, 14 or 16) connected to a network (10) to 
receive incoming communications comprising 
steps of: 

configuring (60) said computing device such 
that said computing device switches from an 
operative mode to a locked mode (66) in 
response to detection of a preset condition (70) 
and switches from said locked mode to said 
operative mode (72) in response to detection of 
a preset authorization condition, said locked 
mode establishing a security condition with 
respect to data access capabilities and com- 
munication access capabilities of said comput- 
ing device; 

enabling notification (84) at said computing 
device when an incoming communication is 
directed to said computing device; and 
enabling access to said communication access 
capabilities (80) of said computing device in 
response to detecting said notification that said 
incoming communication is directed to said 
computing device, including providing access 
to handling said incoming communication while 
maintaining said security condition with respect 
to said data access capabilities until said 
detection of said preset authorization condi- 
tion. 

2. The method of claim 1 wherein said step of
configuring (60) said computing device (12, 14 or 16)
includes setting parameters of a password protected
screen saver (56) that is responsive to said
detection of said preset condition (70), including
setting a password such that input of said password
satisfies said preset authorization condition.

3. The method of claim 1 or 2 wherein said step of
enabling access to said communication access
capabilities (80) includes limiting said access to
handling said incoming communication, such that
initiation of outgoing communications is denied (82)
in the absence of said preset authorization condition.

4. The method of claim 3 wherein said step of
configuring (60) said computing device (12, 14 or 16)
includes setting operational parameters of a
telephony-over-LAN (TOL) application (54), said incoming
communication being a telephone call that includes
at least one of voice and video information.

5. The method of claim 4 further comprising a step of
installing said TOL application (54) in said computing
device (12, 14 or 16) such that said TOL application
is integrated with a screen saver (56) that is
configurable with respect to selection of said preset
authorization condition, said step of configuring
(60) said computing device including selecting
operational parameters of said screen saver.

6. The method of claim 4 further comprising steps of
installing said TOL application (54) and installing a
screen saver application (56) in said computing
device, said TOL and screen saver applications
being operationally compatible with respect to
switching said communication access capabilities
(72) of said computing device from said locked
mode to said operative mode while maintaining
said data access capabilities in said locked mode
when said notification is detected (76) separately
from said preset authorization condition.

7. The method of claim 1, 2, 3, 4, 5 or 6 wherein said
step of configuring (60) said computing device
includes defining limitations on utilizing said
communication access capabilities when said computing
device is in said locked mode, including
identifying limited types (78) of outgoing telephone
calls that can be initiated (80) in the absence of
detecting said preset authorization condition.

8. The method of claim 1 wherein said step of
configuring said computing device includes defining
limitations on utilizing said communication access
capabilities when said computing device is in said
locked mode, said limitations including identifying
limited types of incoming telephone calls that can
be received in the absence of detecting a second
preset authorization condition, said limited types
defined by previously configured predetermined
caller identification information.

9. The method of claim 8 wherein said second preset
authorization condition and said preset authorization
condition are different.

10. In a computing device (12, 14 or 16) connected to a
network (10) to receive incoming communications, 
a security system comprising: 

a screen saver (56) for selectively establishing 
a security condition with respect to disabling 
data access capabilities and communication 
access capabilities (40) of said computing 
device, said screen saver having a locked 
mode (66) and an operative mode (72), said
screen saver being in said locked mode when 
said security condition is established; 
an authentication mechanism (58) coupled to 
recognize a predefined authorization sequence 
to override said locked mode of said screen 
saver, thereby switching said screen saver from 
said locked mode to said operative mode in 
which said data access and communication 
access capabilities are enabled; and 
a processor (46) for enabling a first set of com- 
munication access capabilities of said comput- 
ing device in response to detection of an 
incoming communication with said screen 
saver in said locked mode, said first set includ- 
ing enabling handling of said incoming commu- 
nication (84) while said screen saver remains in 
said locked mode with respect to said data 
access capabilities and with respect to a sec- 
ond set of said communication access capabil- 
ities. 

11. The security system of claim 10 wherein said com- 
munication access capabilities include telephone 
circuitry (24, 26, 28) for enabling a telephone con- 
nection. 

12. The security system of claim 11 wherein said first
set of said communication access capabilities 
relates to connectivity (80) of said telephone cir- 
cuitry to receive incoming calls and to initiate spec- 
ified types of outgoing calls, and wherein said 
second set of communication access capabilities 
relates to connectivity of said telephone circuitry to 
initiate remaining types of said outgoing calls. 

13. The security system of claim 11, wherein said
authentication mechanism also recognizes a second
predefined authorization sequence to prevent
said processor from enabling said first set of
communication access capabilities when said second
predefined authorization sequence is not recognized,
and wherein said first set of said communication
access capabilities relates to connectivity of
said telephone circuitry to initiate specified types of
outgoing calls and to receive selected incoming
calls, wherein said selected incoming calls received
are determined from a preconfigured set of caller
identification information, and wherein said second
set of communication access capabilities relates to
connectivity of said telephone circuitry to initiate
remaining types of said outgoing calls.






[FIG. 3: flowchart. Box labels: CONFIGURE SCREEN SAVER CONDITIONS; MONITOR FOR PRESET CONDITIONS; SWITCH TO LOCKED MODE; MONITOR FOR AUTHORIZATION CONDITION; SWITCH TO OPERATIVE MODE; RECOGNIZE TOL ACCESS; INITIATE CALL NOTIFICATION; INITIATE CONNECTIVITY; DENY ACCESS. Decision branches are labelled YES and NO.]



European Patent Office

EUROPEAN SEARCH REPORT

Application Number: EP 99 10 7004

DOCUMENTS CONSIDERED TO BE RELEVANT

Citation of document with indication, where appropriate, of relevant passages:

WO 98 23062 A (T-NETIX INC.)
28 May 1998 (1998-05-28)
* page 29, line 17 - page 30, line 23; figure 11 *

ANON.: "Hardware monitor security feature"
IBM TECHNICAL DISCLOSURE BULLETIN,
vol. 32, no. 3A, August 1989 (1989-08),
pages 284-285, XP000049463
NEW YORK US
* abstract *

WO 98 30017 A (VISIONICS CORP.)
9 July 1998 (1998-07-09)
* page 14, line 22 - page 15, line 9; figure 5 *

WO 97 49217 A (BELLSOUTH CORP.)
24 December 1997 (1997-12-24)
* page 1, line 11 - line 16 *
* page 21, line 9 - page 22, line 31; figures 1,2 *

Relevant to claim (entries in the order they appear on the form): 1-3,10,11; 1-3,10; 1,3,10; 1,3

CLASSIFICATION OF THE APPLICATION (Int.Cl.7): G06F1/00

TECHNICAL FIELDS SEARCHED (Int.Cl.7): G06F

The present search report has been drawn up for all claims

Place of search: BERLIN
Date of completion of the search: 3 December 1999
Examiner: Taylor, P






ANNEX TO THE EUROPEAN SEARCH REPORT
ON EUROPEAN PATENT APPLICATION NO. EP 99 10 7604

This annex lists the patent family members relating to the patent documents cited in the above-mentioned European search report.
The members are as contained in the European Patent Office EDP file on 03-12-1999.
The European Patent Office is in no way liable for these particulars which are merely given for the purpose of information.

Patent document          Publication    Patent family     Publication
cited in search report   date           member(s)         date

WO 9823062               28-05-1998     AU 7304798 A      10-06-1998
                                        EP 0938793 A      01-09-1999

WO 9830017 A             09-07-1998     AU 5711598 A      31-07-1998

WO 9749217 A             24-12-1997     US 5901284 A      04-05-1999
                                        AU 711389 B       14-10-1999
                                        AU 3396097 A      07-01-1998
                                        CA 2257992 A      24-12-1997
                                        EP 0906682 A      07-04-1999

For more details about this annex: see Official Journal of the European Patent Office, No. 12/82






